Vulnerability when letting users exchange unsanitized HTML

Description

When all of the following conditions apply:
1) User1 can submit specially crafted text containing JavaScript to the server.
2) The server does not perform any sanitization of the submitted text.
3) The server allows text from user1 to be returned to user2 through a DWR Ajax call.
4) User1 tricks user2 into navigating to a specially crafted URL.
then user1's JavaScript may execute in user2's browser.
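Condition 2 is the one an application can control: text accepted from user1 must be neutralised before it is handed back to user2's page. The following is an added illustration, not DWR's own code or the fix checked in for this issue. It escapes the five HTML-significant characters, offers a check that a string carries no unescaped markup, and simulates the store-and-return round trip with a constructed sample submission (the function names and the sample are assumptions for this example).

```javascript
// Added example (not DWR's code): neutralise user-supplied text before it is
// returned to another user's browser, and verify the result.

// Mapping of HTML-significant characters to their entity forms.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape text so that it is rendered literally inside HTML content.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// True when the string contains no raw markup characters and every '&'
// starts one of the entities produced by escapeHtml.
function isNeutralised(text) {
  return !/[<>"']/.test(text) && !/&(?!(amp|lt|gt|quot|#39);)/.test(text);
}

// Simulate the exchange described above: user1 submits text, the server
// (hypothetically calling escapeHtml before storing or returning it) passes
// the value to user2 through an Ajax call. Returns both forms for inspection.
function simulateExchange(submittedText) {
  const returned = escapeHtml(submittedText);
  return {
    raw: submittedText,
    returned,
    rawIsSafe: isNeutralised(submittedText),
    returnedIsSafe: isNeutralised(returned),
  };
}

// Constructed sample submission containing script markup.
const SAMPLE_SUBMISSION = '<script>alert(1)</script>Hello';

// Stand-alone demonstration.
const result = simulateExchange(SAMPLE_SUBMISSION);
console.log(JSON.stringify(result, null, 2));
```

On the client side, the escaped value should still be placed into the document with `element.textContent` rather than `innerHTML`; escaping on the server and using a text-only DOM sink on the client are complementary, and the `isNeutralised` check gives a cheap assertion for a unit test of the server-side path.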

Big thanks to Takeshi Terada of Mitsui Bussan Secure Directions and JPCERT for reporting this issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5326

Activity

Mike Wilson
August 30, 2014, 9:26 AM

Implementation checked in.

Assignee

Mike Wilson

Reporter

Mike Wilson

Labels

None

Documentation Required

No

Priority

Critical